Critical vulnerabilities, curated daily for security professionals
đ¯ SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
đ
Archived Security Brief
This curated brief highlights 13 critical vulnerabilities and 61 high-priority updates requiring immediate attention.
74 total vulnerabilities disclosed in last 24 hours
đĄ Tip: Swipe CVE cards left to â star, right to â remove
Section Navigation
â ī¸
CISA Known Exploited Vulnerabilities
â ī¸ CISA KEVURGENT
CVE-2014-6278
9.5
GNUGNU Bash
â° Federal Deadline:October 22, 2025(1 days remaining)
GNU Bash OS Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2017-1000353
9.5
JenkinsJenkins
â° Federal Deadline:October 22, 2025(1 days remaining)
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2015-7755
9.5
JuniperScreenOS
â° Federal Deadline:October 22, 2025(1 days remaining)
Juniper ScreenOS Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-21043
9.5
SamsungMobile Devices
â° Federal Deadline:October 22, 2025(1 days remaining)
Samsung Mobile Devices Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-4008
9.5
SmartbeddedMeteobridge
â° Federal Deadline:October 22, 2025(1 days remaining)
Smartbedded Meteobridge Command Injection Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-22555
9.5
LinuxKernel
â° Federal Deadline:October 26, 2025(5 days remaining)
Linux Kernel Heap Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3962
9.5
MicrosoftInternet Explorer
â° Federal Deadline:October 26, 2025(5 days remaining)
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2021-43226
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(5 days remaining)
Microsoft Windows Privilege Escalation Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2013-3918
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(5 days remaining)
Microsoft Windows Out-of-Bounds Write Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2011-3402
9.5
MicrosoftWindows
â° Federal Deadline:October 26, 2025(5 days remaining)
Microsoft Windows Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2010-3765
9.5
MozillaMultiple Products
â° Federal Deadline:October 26, 2025(5 days remaining)
Mozilla Multiple Products Remote Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-61882
9.5đ
OracleE-Business Suite
â° Federal Deadline:October 26, 2025(5 days remaining)
Oracle E-Business Suite Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEVURGENT
CVE-2025-27915
9.5
SynacorZimbra Collaboration Suite (ZCS)
â° Federal Deadline:October 27, 2025(6 days remaining)
Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2021-43798
9.5
Grafana LabsGrafana
â° Federal Deadline:October 29, 2025(8 days remaining)
Grafana Path Traversal Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-47827
9.5
IGELIGEL OS
â° Federal Deadline:November 3, 2025(13 days remaining)
IGEL OS Use of a Key Past its Expiration Date Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-24990
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(13 days remaining)
Microsoft Windows Untrusted Pointer Dereference Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-59230
9.5đ
MicrosoftWindows
â° Federal Deadline:November 3, 2025(13 days remaining)
Microsoft Windows Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2016-7836
9.5
SKYSEAClient View
â° Federal Deadline:November 3, 2025(13 days remaining)
SKYSEA Client View Improper Authentication Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-54253
9.5đ
AdobeExperience Manager (AEM) Forms
â° Federal Deadline:November 4, 2025(14 days remaining)
Adobe Experience Manager Forms Code Execution Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2022-48503
9.5
AppleMultiple Products
â° Federal Deadline:November 9, 2025(19 days remaining)
Apple Multiple Products Unspecified Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2746
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(19 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-2747
9.5
KenticoXperience CMS
â° Federal Deadline:November 9, 2025(19 days remaining)
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-33073
9.5
MicrosoftWindows
â° Federal Deadline:November 9, 2025(19 days remaining)
Microsoft Windows SMB Client Improper Access Control Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61884
9.5đ
OracleE-Business Suite
â° Federal Deadline:November 9, 2025(19 days remaining)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
â ī¸ CISA KEV
CVE-2025-61932
9.5đ
MotexLANSCOPE Endpoint Manager
â° Federal Deadline:November 11, 2025(21 days remaining)
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
â
CRSSelect profile
đ¨
Critical Vulnerabilities
CVE-2025-57870
10đ
A SQL Injection vulnerability exists in Esri ArcGIS Server versionsMultiple Products
A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticated attacker to execute arbitr...
CVSS Base10
â
CRSSelect profile
CVE-2025-53037
9.8đ
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services ApplicationsMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-53072
9.8đ
Vulnerability in the Oracle Marketing product of OracleMultiple Products
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerabili...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-61757
9.8đ
Vulnerability in the Identity Manager product of Oracle Fusion MiddlewareMultiple Products
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulner...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-62481
9.8đ
Vulnerability in the Oracle Marketing product of OracleMultiple Products
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerabili...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10916
9.1đ
The FormGent WordPress plugin beforeMultiple Products
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary ...
CVSS Base9.1
â
CRSSelect profile
CVE-2025-60772
9.8đ
Improper authentication in theMultiple Products
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrato...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-41723
9.8đ
The importFile SOAP method is vulnerable to a directory traversalMultiple Products
The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-56447
9.8đ
UnknownMultiple Products
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-60214
9.8đ
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows ObjectMultiple Products
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through <= 1.2.1.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-60225
9.8đ
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows ObjectMultiple Products
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.
CVSS Base9.8
â
CRSSelect profile
CVE-2025-10640
9.8đ
An unauthenticated attacker with access to TCP portMultiple Products
An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional c...
CVSS Base9.8
â
CRSSelect profile
CVE-2025-52741
9đ
Improper Neutralization of Input During Web Page GenerationMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: ...
CVSS Base9
â
CRSSelect profile
â ī¸
High Priority Updates
CVE-2025-62606
8.8đ
littleMultiple Products
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view
CVSS Base8.8
â
CRSSelect profile
CVE-2025-58955
8.1đ
designervily KarzoMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Karzo karzo allows PHP Local File Inclusion
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62610
8.1đ
HonoMultiple Products
Hono is a Web application framework that provides support for any JavaScript runtime
CVSS Base8.1
â
CRSSelect profile
CVE-2025-60209
8.2đ
GoogleMultiple Products
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection
CVSS Base8.2
â
CRSSelect profile
CVE-2025-11086
8.1đ
WordPressMultiple Products
The Academy LMS â WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3
CVSS Base8.1
â
CRSSelect profile
CVE-2025-53036
8.6đ
OracleMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base8.6
â
CRSSelect profile
CVE-2025-53049
8.4đ
OracleMultiple Products
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration)
CVSS Base8.4
â
CRSSelect profile
CVE-2025-62587
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62588
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62589
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62590
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-62641
8.2đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base8.2
â
CRSSelect profile
CVE-2025-53043
8.1đ
OracleMultiple Products
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-61751
8.1đ
OracleMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-61763
8.1đ
OracleMultiple Products
Vulnerability in Oracle Essbase (component: Essbase Web Platform)
CVSS Base8.1
â
CRSSelect profile
CVE-2025-53050
7.5đ
OracleMultiple Products
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-53066
7.5đ
OracleMultiple Products
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61752
7.5đ
OracleMultiple Products
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61760
7.5đ
OracleMultiple Products
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61756
7.5
OracleMultiple Products
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration)
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62290
7.2
OracleMultiple Products
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage)
CVSS Base7.2
â
CRSSelect profile
CVE-2025-40778
8.6
UnderMultiple Products
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache
CVSS Base8.6
â
CRSSelect profile
CVE-2025-40780
8.6
specificMultiple Products
In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use
CVSS Base8.6
â
CRSSelect profile
CVE-2025-59007
8.1
themesflat TF WooMultiple Products
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection
CVSS Base8.1
â
CRSSelect profile
CVE-2025-9428
8.3
PlusMultiple Products
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api
CVSS Base8.3
â
CRSSelect profile
CVE-2025-8677
7.5
QueryingMultiple Products
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41719
8.8
lowMultiple Products
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password
CVSS Base8.8
â
CRSSelect profile
CVE-2023-53691
8.3
CenterMultiple Products
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025
CVSS Base8.3
â
CRSSelect profile
CVE-2024-58274
8.3
CenterMultiple Products
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025
CVSS Base8.3
â
CRSSelect profile
CVE-2025-59578
7.5
wpdesk ShopMagicMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Retrieve Embedded Sensitive Data
CVSS Base7.5
â
CRSSelect profile
CVE-2025-52737
8.8
Tijmen Smit WP StoreMultiple Products
Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection
CVSS Base8.8
â
CRSSelect profile
CVE-2025-41724
7.5
unauthenticatedMultiple Products
An unauthenticated remote attacker can crash the wscserver by sending incomplete SOAP requests
Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2
CVSS Base8.9
â
CRSSelect profile
CVE-2025-10639
8.8
ProfessionalMultiple Products
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304
CVSS Base8.8
â
CRSSelect profile
CVE-2025-52079
8.8
D-LinkMultiple Products
The administrator password setting of the D-Link DIR-820L 1
CVSS Base8.8
â
CRSSelect profile
CVE-2025-10020
8.5đ
Custom ScriptMultiple Products
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component
CVSS Base8.5
â
CRSSelect profile
CVE-2025-11957
8.4
DevolutionsMultiple Products
Improper authorization in the temporary access workflow of Devolutions Server 2025
CVSS Base8.4
â
CRSSelect profile
CVE-2025-11151
8.2
Beyaz BilgisayarMultiple Products
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd
CVSS Base8.2
â
CRSSelect profile
CVE-2025-49907
8.2
Missing AuthorizationMultiple Products
Missing Authorization vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.2
â
CRSSelect profile
CVE-2025-60206
8.2
Bearsthemes AloneMultiple Products
Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone alone allows Code Injection
CVSS Base8.2
â
CRSSelect profile
CVE-2025-9133
8.1
Zyxel ATP seriesMultiple Products
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62518
8.1
UnknownMultiple Products
astral-tokio-tar is a tar archive reading/writing library for async Rust
CVSS Base8.1
â
CRSSelect profile
CVE-2025-62775
8
devicesMultiple Products
Mercku M6a devices through 2
CVSS Base8
â
CRSSelect profile
CVE-2025-62525
7.9
OpenWrtMultiple Products
OpenWrt Project is a Linux operating system targeting embedded devices
CVSS Base7.9
â
CRSSelect profile
CVE-2025-62526
7.9
OpenWrtMultiple Products
OpenWrt Project is a Linux operating system targeting embedded devices
CVSS Base7.9
â
CRSSelect profile
CVE-2025-59566
7.6
AmentoTech WorkreapMultiple Products
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal
CVSS Base7.6
â
CRSSelect profile
CVE-2025-11949
7.5
EasyFlowMultiple Products
EasyFlow
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60751
7.5
GeographicLibMultiple Products
GeographicLib 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-61220
7.5
incompleteMultiple Products
The incomplete verification mechanism in the AutoBizLine com
CVSS Base7.5
â
CRSSelect profile
CVE-2025-62771
7.5
devicesMultiple Products
Mercku M6a devices through 2
CVSS Base7.5
â
CRSSelect profile
CVE-2025-41722
7.5
wscMultiple Products
The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages
CVSS Base7.5
â
CRSSelect profile
CVE-2025-49376
7.5
DELUCKS DELUCKS SEOMultiple Products
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base7.5
â
CRSSelect profile
CVE-2025-49377
7.5
Themefic HydraMultiple Products
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base7.5
â
CRSSelect profile
CVE-2025-60151
7.5
CRM Perks WP GravityMultiple Products
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing
CVSS Base7.5
â
CRSSelect profile
CVE-2025-8078
7.2
Zyxel ATP seriesMultiple Products
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4
CVSS Base7.2
â
CRSSelect profile
CVE-2025-60500
7.2
ManagementMultiple Products
QDocs Smart School Management System 7
CVSS Base7.2
â
CRSSelect profile
CVE-2025-62617
7.2
AdmidioMultiple Products
Admidio is an open-source user management solution
CVSS Base7.2
â
CRSSelect profile
CVE-2025-10641
7.1
monitoringMultiple Products
All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text
CVSS Base7.1
â
CRSSelect profile
CVE-2025-58921
7.1
Arevico WP TacticalMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Tactical Popup wp-tactical-popup allows Reflected XSS